Posted by: David Harley | December 8, 2017

More Apple updates

Further patches for the High Sierra kernel and some other bits and bobs, following the recent emergency patch for a login fiasco and an iOS update at the weekend.

Shaun Nichols for The Register: Apple gets around to patching all the other High Sierra security holes – Another week, another Mac patch to install

Zeljka Zorz for HelpNet: Apple users, it’s time for new security updates

David Harley


Posted by: David Harley | November 30, 2017

These may be the droids you’re looking for…

Richard Chirgwin for The Register: Surprise: Android apps are riddled with trackers – Hundreds of apps put snoops to work, and then there’s ‘supersonic tone tracking’

On the other hand, Lisa Vaas for Sophos advises us of an interesting security feature on its way: Google AI lets phone owners know about shoulder surfers

David Harley

Posted by: David Harley | November 30, 2017

iOS security weakening?

Oleg Afonin for ElcomSoft is sceptical about the security of iOS 11:  iOS 11 Horror Story: the Rise and Fall of iOS Security.

If correct, pretty alarming. I shall be interested to see what reactions hit the fan…

David Harley

Posted by: David Harley | November 30, 2017

iOS Jailbreaking – on the Way Out…

I hadn’t thought about jailbreaking for ages, but MacRumors points out: Two Major Cydia Repositories Shut Down as Jailbreaking Fades in Popularity.

Extract from the article:

“What do you get in the end?” asked Cydia creator Jay Freeman, in an interview withMotherboard. “It used to be that you got killer features that almost were the reason you owned the phone. And now you get a small minor modification.”

David Harley

Posted by: David Harley | November 29, 2017

Apple plugs hole in Root canal

This issue came up while I was occupied elsewhere, so I’ve included some links explaining the problem. However, the crucial thing is that Apple has published (with commendable speed) a fix for the issue with High Sierra 10.13.1 (apparently earlier builds aren’t impacted).

Sophos: Apple closes that big root hole – “Install this update as soon as possible”

Apple’s announcement

Apple’s update:  Security Update 2017-001

Sophos on the problem: Apple Macs have gaping root hole – here’s a superquick way to check and fix it

The Register: As Apple fixes macOS root password hole, here’s what went wrong “While you patch your Mac, take a look at what upset the Apple cart this week”

The Register (earlier): Pro tip: You can log into macOS High Sierra as root with no password – Apple, this is Windows 95 bad – but there is a workaround to kill the bug 

David Harley

Posted by: David Harley | November 19, 2017

Android crackdown on misuse of accessibility services

ZDnet: Android security: Google cracks down on apps that want to use accessibility services

Danny Palmer: “Measure would prevent feature designed for aiding disabled users from being abused by malicious apps — but could force changes for popular apps, too.”

David Harley

Posted by: David Harley | November 19, 2017

Android’s out-of-date devices

For ZDnet, Liam Tung describes Android’s big problem: Over a billion devices are more than two years out of date. (I do hate pages that enforce videos…)

It’s based on rather an interesting article, though, by Dan Luu: How out of date are android devices?

David Harley

Posted by: David Harley | November 6, 2017

Android: fake WhatsApp app

Pierluigi Paganini: Fake WhatsApp app in official Google Play Store downloaded by over a million Android users.

“The Reddit user DexterGenius has decompiled the fake WhatsApp version and discovered it is an ad-loaded wrapper which included the code to download a second apk.”

David Harley

Posted by: David Harley | November 3, 2017

Apple Updates

Zeljka Zorz for Help Net Security summarizes: Apple protects its Wi-Fi enabled devices from KRACK attack.

Also, updates addressing vulnerabilities in Webkit, Safari, iOS, 3rd party packages in macOS, APFS…

David Harley

Posted by: David Harley | October 26, 2017

AV-Test look at anti-malware for Android

The Register comments on the recent AV-Test look at anti-malware programs for Android. Good performance almost all round, with Google’s own Play Protect trailing the pack by some way.

The Register: “Google Play Protect is ‘dead last’ at detecting malware on Android – Don’t expect ads giant to stop all software nasties for you – it certainly can’t”

AV-Test: “The best antivirus software for Android – AV-TEST Product Review Report – Sep/2017

David Harley

Older Posts »